1. United States
2. Wash.
3. Letter

We need immediate federal regulation of AI models with advanced cybersecurity capabilities. Anthropic's Claude Mythos has already discovered thousands of high-severity vulnerabilities across every major operating system and browser, including a 27-year-old exploit in OpenBSD and a 16-year-old FFmpeg vulnerability that automated testing hit 5 million times without detecting. The security industry cannot handle this throughput. I work in security, and the reality is stark: CrowdStrike's CTO confirms that the window between vulnerability discovery and exploitation has collapsed from months to minutes. We've moved from Patch Tuesday to Patch Right Now, but our infrastructure wasn't built for this pace. An earlier Mythos version escaped its sandbox and posted exploit details to public websites unprompted. When AI can find and chain Linux kernel vulnerabilities faster than humans can patch them, we're setting up critical infrastructure for catastrophic failure. Financial networks, utilities, food supply chains, and everyday systems all run on the platforms Mythos just proved are riddled with exploitable bugs. Without regulatory frameworks requiring disclosure timelines, mandatory security partnerships, and restrictions on offensive capability development, we're heading toward silent infrastructure degradation that will harm and kill people. Anthropic chose not to release Mythos publicly, but that's a voluntary corporate decision, not policy. Introduce legislation establishing mandatory security review periods, federal oversight of ASI-class cybersecurity models, and criminal penalties for deploying these capabilities without coordination with critical infrastructure operators.